Agent vs Agentless event gathering on Windows

Regarding agent vs agentless data / event gatering, WMI (agentless) seems easier to setup from within Splunk to pull in the data from remote Windows servers. So why would someone deploy Splunk as a Forwarder (agent) on their Windows servers to push the data in?

asked 28 Apr '10, 17:44

maverick ♦
2.8k●40●22●108
accept rate: 14%

2 Answers:

oldest newest most voted

4	there's also some good info in the official docs here: http://docs.splunk.com/Documentation/Splunk/5.0/Data/ConsiderationsfordecidinghowtomonitorWindowsdata link answered 28 Apr '10, 17:55 piebob ♦♦ 4.6k●4●10●23 accept rate: 29% edited 21 Dec '12, 12:49 ChrisG ♦ 3.0k●4●6

Please review this topic in our community wiki for more detail regarding this question.

http://www.splunk.com/wiki/Deploy:SnareVwmiVforwarding

Also,

WMI does not pull data via SSL, but Splunk Forward can push data over SSL
pulling data with WMI may produce gaps in the data, if/when service is restarted
Splunk Forwarder can monitor and push up non-Windows data as well (i.e. IIS events, MSSQL, DIR listings every hour, etc.)

link

answered 28 Apr '10, 17:51

maverick ♦
2.8k●40●22●108
accept rate: 14%

edited 20 Dec '12, 19:06

piebob ♦♦
4.6k●4●10●23

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

forwarder ×648
windows ×447
deployment ×171
agent ×18
agentless ×2

Asked: 28 Apr '10, 17:44

Seen: 4,815 times

Last updated: 21 Dec '12, 12:49

Agent vs Agentless event gathering on Windows

Follow this question

Splunk Resources

Related questions